Kubernetes 应用要求⚓︎
1 Kubernetes 的集群地址⚓︎
- 集群填写的是 K8S 的集群地址。
- 直接访问集群地址页面可以显示如下信息(如: https://10.1.13.67:6443),一般是 master 节点的 6443或8443 端口。
kubectl config view --minify
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.1.13.67:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
2 获取 Token 方法⚓︎
- 下面以 ko-admin 为例,如果你的系统中没有此账户可以使用其他有权限的账户或者新建。
kubectl get secret -n kube-system
> kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-qss79 kubernetes.io/service-account-token 3 44m
bootstrap-signer-token-ftqb6 kubernetes.io/service-account-token 3 44m
bootstrap-token-abcdef bootstrap.kubernetes.io/token 5 44m
certificate-controller-token-gm8mf kubernetes.io/service-account-token 3 44m
clusterrole-aggregation-controller-token-92v9j kubernetes.io/service-account-token 3 44m
coredns-token-mjpwp kubernetes.io/service-account-token 3 44m
cronjob-controller-token-bjdn5 kubernetes.io/service-account-token 3 44m
daemon-set-controller-token-6wljg kubernetes.io/service-account-token 3 44m
default-token-9pl84 kubernetes.io/service-account-token 3 44m
deployment-controller-token-wbpq6 kubernetes.io/service-account-token 3 44m
disruption-controller-token-9mrbr kubernetes.io/service-account-token 3 44m
endpoint-controller-token-hmgw5 kubernetes.io/service-account-token 3 44m
endpointslice-controller-token-pbnkw kubernetes.io/service-account-token 3 44m
endpointslicemirroring-controller-token-zkc6z kubernetes.io/service-account-token 3 44m
expand-controller-token-btlqv kubernetes.io/service-account-token 3 44m
flannel-token-qc6kw kubernetes.io/service-account-token 3 42m
generic-garbage-collector-token-j8c7c kubernetes.io/service-account-token 3 44m
horizontal-pod-autoscaler-token-v9d49 kubernetes.io/service-account-token 3 44m
job-controller-token-9pldd kubernetes.io/service-account-token 3 44m
ko-admin-token-kprl9 kubernetes.io/service-account-token 3 40m
kube-proxy-token-9pfd2 kubernetes.io/service-account-token 3 44m
metrics-server-token-cmdpk kubernetes.io/service-account-token 3 41m
namespace-controller-token-k94nh kubernetes.io/service-account-token 3 44m
nfs-client-provisioner-token-pb5qx kubernetes.io/service-account-token 3 28m
nginx-ingress-serviceaccount-token-vk8tm kubernetes.io/service-account-token 3 41m
node-controller-token-v5k59 kubernetes.io/service-account-token 3 44m
persistent-volume-binder-token-jfgm7 kubernetes.io/service-account-token 3 44m
pod-garbage-collector-token-7lptd kubernetes.io/service-account-token 3 44m
pv-protection-controller-token-fpqqm kubernetes.io/service-account-token 3 44m
pvc-protection-controller-token-wcrmp kubernetes.io/service-account-token 3 44m
replicaset-controller-token-9g9s7 kubernetes.io/service-account-token 3 44m
replication-controller-token-xg4fq kubernetes.io/service-account-token 3 44m
resourcequota-controller-token-lskn4 kubernetes.io/service-account-token 3 44m
root-ca-cert-publisher-token-sdt67 kubernetes.io/service-account-token 3 44m
service-account-controller-token-2xr8k kubernetes.io/service-account-token 3 44m
service-controller-token-9dghl kubernetes.io/service-account-token 3 44m
statefulset-controller-token-wqm5v kubernetes.io/service-account-token 3 44m
token-cleaner-token-gv552 kubernetes.io/service-account-token 3 44m
ttl-controller-token-cgqcd kubernetes.io/service-account-token 3 44m
kubectl describe secret ko-admin-token-kprl9 -n kube-system
> kubectl describe secret ko-admin-token-kprl9 -n kube-system
Name: ko-admin-token-kprl9
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: ko-admin
kubernetes.io/service-account.uid: 8be05ad6-83ce-483b-9324-7c3f041c6da1
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1038 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImlCVkhHTlhHem9idXNtYmtsaVpDZXRESVFMSHRFNUdsOFJWOXc0MnRZTG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvsA50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmAxbmV0ZXMuaW8vc6VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrby1hZG1pbi10b2tlbi1rcHJsOSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2AxdmljZS1hY2NvdW50Lm5hbQAiOiJrby1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFiQ291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhiZTA1YWQ2LTgzY2UtNDgzYi05MzI0LTdjM2YwNDFjNmRhMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprby1hZG1pbiJ9.qP04Yd6sTf5IDbQ_9lF_VdoyBEN5UCBmp1P7tvv9Fn9ibZFOGsupXjzbxCMhu3HhkGSE1pUuu1NNmcJUCUb_pFi5x5Bvo2xkF1_SfQACo40kzrUQ9ATTX8wuDzpiNw9sjf-_1l7rwnseOC4WJYNQIOs9i9FOeyRPYbKvkwsysJBVCq_XkoqvZt9xPp-LtsMUdWKHhLKUkBBM5F1NpVyahSrrsgH2lRuNsGALGb0FGIwYfMWN6KaHim2eeOaH4nqnVJ0WGCVJNx9-_PJQXfFWZtnceF_IiTUGwC7fqrA7T-5vOafPvG7c6PgjPzgMyEo4ade1bRV3fM98gHs_5v-oVw
上面 token: 后面的内容就是我们需要的 token,把这个内容填写到 JumpServer 账号列表中即可。